Re: tcpd with xinetd

To: "Norbert Veber" <nveber@vtech.ddns.org>, "Remco Blaakmeer" <remco@Cal011205.student.utwente.nl>
Cc: debian-devel@lists.debian.org
Subject: Re: tcpd with xinetd
From: "Jules Bean" <jmlb2@hermes.cam.ac.uk>
Date: Sat, 04 Jul 1998 21:53:46 +0100
Message-id: <[🔎] 886306.3108578026@195.82.102.210>

--On Sat, Jul 4, 1998 4:38 pm -0400 "Norbert Veber" <nveber@vtech.ddns.org>
wrote: 

>> Now, how can I allow access from *.utwente.nl to my host? Or from *.nl?
As
>> I read the above paragraph, this is something xinetd can't do. With tcpd,
>> one can allow access from *.student.utwente.nl while denying access from
>> the rest of *.utwente.nl, with only two (obvious) lines. In xinetd.conf,
>> this would be a lot more difficult since *.utwente.nl is 130.89.0.0 -
>> 130.89.255.255 and *.student.utwente.nl is 130.89.220.0 - 130.89.234.255.
>> 
>> And how would I allow access to a particular service from *.nl while
>> denying access to that server from the rest of the world? This may seem
>> senseless, but AFAIK it's something xinetd can not easily do.
> 
> Ahh you are right, I guess I should have read the whole thing before
saying
> that :)  What you can do is do ip matching, ie ionline.net is 207.6.175.x
so
> if you want to deny/allow access to ionline.net, you would put 207.6.175.0
> ni xinetd.conf.  It does say that hostnames are supported, but doesnt say
> anything about using wildcards, *.ionline.net probably would not work. 
This
> can probably be done with /etc/networks, but this is undocumented for the
> moment.

Just to clear up that little point -

What you are describing could not be done with /etc/networks, which is about
IP networks - i.e. things like 207.6.175.*, not domain masks.

Jules


/----------------+-------------------------------+---------------------\
|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd        |
|  Jules aka     | jules@debian.org              |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
+----------------+-------------------------------+---------------------+
|  War doesn't demonstrate who's right... just who's left.             |
|  When privacy is outlawed... only the outlaws have privacy.          |
\----------------------------------------------------------------------/



--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: Re: A project to provide a nicer GUI for installing debian ?
Next by Date: Re: Debian 2.0 Beta: apt-get
Previous by thread: Re: tcpd with xinetd
Next by thread: Default Installation Configurations
Index(es):
- Date
- Thread